First published: Mon Nov 01 2010(Updated: )
Description of problem: The TIOCGICOUNT device ioctl in serial_core.c allows unprivileged users to read uninitialized stack memory, because the "reserved" member of the serial_icounter_struct struct declared on the stack is not altered or zeroed before being copied back to the user. Reference: <a href="http://www.openwall.com/lists/oss-security/2010/10/06/6">http://www.openwall.com/lists/oss-security/2010/10/06/6</a> <a href="http://lkml.indiana.edu/hypermail//linux/kernel/1009.1/03388.html">http://lkml.indiana.edu/hypermail//linux/kernel/1009.1/03388.html</a> Acknowledgements: Red Hat would like to thank Dan Rosenberg for reporting this issue.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <2.6.37 | |
debian/linux-2.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.